Saturday, November 8, 2014

How Does A Router With NAT Protect My Computer?

A router uses something called NAT (network address translation) to share your public IP address (which you only get one of) with the numerous Internet-enabled devices that most people own these days. Letting many devices share a single IP address is not only convenient, but it gives you a nice bump in security.

Think of the router as a decoy for your network. The router takes all the malicious packets on itself and makes it harder to discover what the real targets are—your personal computer and other devices like phones, tablets, smart TVs, blue-ray players, etc. TCP/IP works because devices can connect directly to each other. But the router obscures the end point devices by making them non-directly-addressable. To attack something from the outside, you have to get through router’s NAT to connect directly to the computer you are trying to attack, which in practice almost never happens.

Most systems are compromised by tricking the target human into clicking on a malicious attachment or installing a malicious program thinking it’s harmless. If your system is compromised, it’s probably because the weak link was the human. This technique of tricking the humans into compromising their own systems is called ‘social engineering’ and even savvy people can fall for it. My wife even fell for a domain registration scammer trying to charge me $100 to have my domain submitted to Google, which no sysadmin on earth would fall for, but my wife almost just paid it.

The Weak Link is You


Social engineering could be anything from someone calling a company you do business with and impersonating you, to a phishing attack pretending to be your uncle Ned telling you about this great property for sale in Idaho. The same people who are suspicious of computers will tell you every password in the company if you convince them you are with the IT department and sound like you know your stuff.

So I think for security, some folks are thinking in the wrong directions. The biggest threat to your security is you. I don’t even trust attachments from my wife when I can walk downstairs and double check she sent me a link. The less sophisticated I think someone is, the less likely I am to open an attachment from that person. I have some relatives who only send me email or post to my Facebook wall when their computer is compromised and starts spamming everyone. The shady people I know usually have a better grasp on technology

No comments:

Post a Comment